Comment on Plex got hacked.
AA5B@lemmy.world 1 week agoIn some ways 2fa is a weak spot even disregarding recovery processes being open to social engineering, now you’re giving a verified identifier uniquely tied to you
I generate unique email addresses and passwords for every account but can’t realistically do that with phone numbers
2fa by sms or voice isn’t especially secure anyway since you’re open to sim attacks and social engineering. I have a lot more hope for Passkeys but don’t really trust the practical advice arts of managing them yet
Smoogs@lemmy.world 6 days ago
…second phone number…
Anyways… we are digressing here,
at this point it’s a lot like protecting anything in life: prevention and making yourself less tasty to a psycho.
If you’ve set it even two step You’re already doing way more than any user they are probably intending this warning to do more to protect themselves who set their password to “password” or phrases haven’t changed it in decades and would even prefer to publicly post their passwords on social willing to give up their entire savings rather than having to do anything further as if technology is too beyond and suddenly so super complex that they have to use different keys on their keyboard other than letters.
You don’t have apply every threat like it’s calculus in a situation where there are people who are scared of even doing basic sums.
This situation was hashtags. Literally. And all they are asking is to rehash it. And here you are already disposing of the 2nd feature after that.
AA5B@lemmy.world 6 days ago
Of course but it doesn’t scale. I’m currently up to 182 unique generated email addresses to help keep my online accounts a little more secure. But they all go through one or two phone numbers, leaving me more open to sim attacks, social engineering and data aggregation